Re: 90% of Linux Systems Have Never Been Infected ...

From: Royce Williams <royce@alaska.net>
Date: Wed Jul 28 2004 - 12:58:45 AKDT

On 7/28/2004 12:05 PM, Wesley Brown wrote:

> So are you saying that there have been a lot more?
> That there is a population of Linux developers out
> there that are suppressing information?

I'm usually pretty paranoid, but I don't think there's a Linux-user
security-suppression conspiracy. :)

I should have been more explicit. My point is that anyone who says
"I've never been hacked", regardless of operating system, cannot
actually know that. Only clumsy cracking is easily detected; there are
some pretty sophisticated rootkits that capture what is presumably only
a fraction of someone's expert knowledge. Much of that knowledge is
about how to keep the compromise undetected for a non-trivial amount
of time.

I'm of the opinion that such surveys should be careful to phrase such
options as "I've never detected a successful compromise" instead of
"I've never been hacked." Anything else gives a false sense of
security (pun intended).

> I ask because I have been doing a lot of thinking
> lately. I am a newbie to Linux but relatively
> experienced with Windows. Whenever I load a new
> Windows OS the first thing I do is install anti-virus,
> spyware protection, and a software firewall before I
> connect to any network or even load any software
> essential to prospective task. I do none of this to
> my Linux machines and I am comfortable with this.
> Should I worry, am I missing something?

I'm a pretty big believer that taking steps to make sure that a new box
will only accept expected traffic (iptables/ipf/pf/whatever) and other
measures should be carried out before the box has any connectivity.

Most of the CERT security-improvement stuff at

    http://www.cert.org/security-improvement/

... is good advice, regardless of OS. Some of it's geared to the
enterprise, but a lot of it can apply to a single workstation. Keeps you
sharp to "practice" them no matter what box you're on.

Your comfortableness is understandable, given the track record of
the various OSes -- but as other operating systems gain "system share",
that policy may not scale.

Just my 2¢ -- IDNHAJTCTWS ("I Do Not Have A Job Title Containing The
Word "Security"). :)

-royce

-- 
------------------------------------------------------------------------
Royce D. Williams                                  - IP Engineering, ACS
personal: [first]@alaska.net                    - PGP: 3FC087DB/1776A531
work: [first.last]@acsalaska.net           - http://www.tycho.org/royce/
> 
> Wesley Brown
> 
> --- Royce Williams <royce@alaska.net> wrote:
> 
> 
>>On 7/28/2004 9:32 AM, Stanley Long wrote:
>>
>>
>>>[...] Further, 78% of Linux developers say that their
>>>Linux systems have never been hacked [...]
>>
>>... that they know of.
Received on Wed Jul 28 12:58:25 2004
